Browser-executed web applications and browser extensions can extend the functionality of a browser for a user. For example, when a user installs a browser-executed web application or extension, increased permissions may be granted to the web application or extension to access local resources. Thus, compared to what typical markup language code executed by the browser has access to, a browser-executed web application or extension may have increased power or functionality. At times, the increased permissions granted to a web application or extension can be exploited by an attacker to perform malicious actions against the user or the user's computing device. Because of this, before browser-executed web applications and extensions are offered to a user from a controlled environment, they often are vetted to determine whether they contain code that could perform a malicious action.
For example, a party that has a stake in the performance, security, reliability of the web applications and browser extensions, including a host of an online marketplace for the web applications and browser extensions, generally may want to ensure that users of the web applications and browser extensions use high performance, secure, and reliable web applications and browser extensions, or at least that users are aware of any concerns regarding the performance, security, and reliability of web applications and browser extensions that they use. Furthermore, the marketplace operator and other parties that have stakes in the performance, security, reliability of the web applications and browser extensions also may want to ensure that web applications and browser extensions that are offered to users from locations outside of the marketplace are equally high performance, secure, and reliable web applications and browser extensions, or at least that users are aware of any concerns regarding the performance, security, and reliability of web applications and browser extensions provided from outside the marketplace.
However, an attacker may try to embed a malicious web application or extension within other executable code that is offer outside the online marketplace and which, when executed, installs the malicious web application or extension on the user's computing device.